cominfra/documentation
cominfra
/
documentation
8
0
Fork 0
Code Issues 5 Pull Requests Activity
documentation/Machines virtuelles/generic.md

2.9 KiB
Raw Blame History

Machine virtuelle GENERIC

(c'est-à-dire le modèle de toutes les machines virtuelles)

...

Matériel virtuel

CPU : 1
RAM : 1000 Mio Stockage de masse : 50 Gio (fichier sparse i.e les zéros ne sont pas écrits sur le disque)

Logiciel

Système d'exploitation : Debian GNU/Linux-libre 11 (Bullseye)
Noyau : Linux-libre LTS (linux-libre-lts des dépôts https://linux-libre.fsfla.org)
Sécurités de la maintenance : etckeeper, mollyguard, git, tig, screen
Mail Transfer Agent : postfix

Caractéristiques notables

Domaine : dns.libre-en-communs.org
Adresse ipv4 publique : 80.67.179.96
Adresse ipv4 interne : 192.169.1.195
Adresse ipv6 publique : 2001:910:1360::4

Configuration réseau

/etc/network/interfaces

# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 static
    address 2001:910:1360::4/128
    gateway 2001:910:1360::

Configuration SSH

/etc/ssh/sshd_config

#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

    Port 22
    AddressFamily any
    ListenAddress 0.0.0.0
    ListenAddress ::

    PubkeyAuthentication yes

    PasswordAuthentication no
    PermitEmptyPasswords no

    ChallengeResponseAuthentication no

    UsePAM yes

    PrintMotd no

    AcceptEnv LANG LC_* GIT_*

    Subsystem	sftp	/usr/lib/openssh/sftp-server

    Match Group ssh-login
        PasswordAuthentication yes

/etc/host.allow

sshd: 192.169.1.0/24, [2001:910:1360::]/48

/etc/host/deny

sshd: ALL

Configuration SUDO

/etc/sudoers

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults        env_keep += "GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL"
Defaults	mail_badpass, insults
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) NOPASSWD:ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

Configuration MTA

/etc/postfix/transport

a-lec.org    :
*              discard:

/etc/postfix/virtual

@localhost admin@a-lec.org
@generic.a-lec.org admin@a-lec.org